VMware App Volumes 2.x prior to 2.18.6 and VMware App Volumes 4 prior to 2006 contain a Stored Cross-Site Scripting (XSS) vulnerability. A malicious actor with access to create and edit applications or create storage groups, may be able to inject malicious script which will be executed by a victimβs browser when viewing.
[
{
"product": "VMware App Volumes",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VMware App Volumes 2.x prior to 2.18.6 and VMware App Volumes 4 prior to 2006"
}
]
}
]